A novel security risk evaluation for information systems

Zaobin Gan*, Jiufei Tang, Ping Wu, Vijay Varadharajan

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

3 Citations (Scopus)

Abstract

Quantitative security risk evaluation of information systems is increasingly drawing more and more attention. This paper extends the attack tree model, and proposes a new quantitative risk evaluation method. While the risk value of the leaf node (atomic attack) is quantified, the multiattribute utility theory is adopted. All algorithms are presented for each step of this new evaluation method. In addition, a worked example is also experimented in this paper. The experimental result shows that the novel method can not only make the evaluation result more reasonable and objective, but also offer a good foundation for the implementation of the automatic evaluation tool.

Original language: English
Title of host publication: Proceedings - 2007 Japan-China Joint Workshop on Frontier of Computer Science and Technology, FCST 2007
Place of Publication: Los Alamitos, Calif
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 67-73
Number of pages: 7
ISBN (Print): 0769530362, 9780769530369
Publication status: Published - 2007
Event: 2007 Japan-China Joint Workshop on Frontier of Computer Science and Technology, FCST 2007 - Wuhan, China
Duration: 1 Nov 2007 to 3 Nov 2007

Other

Other: 2007 Japan-China Joint Workshop on Frontier of Computer Science and Technology, FCST 2007
Country/Territory: China
City: Wuhan
Period: 1/11/07 to 3/11/07
